NIS2 / CyberFundamentals compliance

The NIS2 directive extends cybersecurity obligations to many organisations, and now engages the responsibility of their management. The firm first determines the scope of applicability — whether you are concerned, and at what level — then measures the gap against CyberFundamentals, the CCB framework that translates the directive into concrete measures.

From there follows a prioritised action plan — measures, owners, deadlines — together with the evidence file expected during an audit. The technical implementation of the fixes falls under the Audit and Engineering families.